Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A method of providing a unified access to systems, the method including: storing a plurality of sets of user credentials for a plurality of remote computer applications in a central repository accessible via an interoperability network, wherein the plurality of remote computer applications include non-federated entities that do not share a common identity verification protocol; receiving an interoperability network credential that authorizes a user to use the plurality of remote computer applications and access the stored plurality of sets of the user credentials; verifying that an intermediary service coupled to the interoperability network, upon receiving a request to perform, on behalf of the user, a particular task that requires access to and task performance by a particular remote computer application from the plurality of remote computer applications, has authorization to act on behalf of the user in obtaining authorized access to and task performance by the particular remote computer application; and upon verification of authorization, automatically supplying the intermediary service with particular user credentials for the particular remote computer application from the central repository.
A method for unified system access stores sets of user credentials for multiple remote applications in a central repository reachable over an interoperability network. The applications include non-federated systems that share no common identity verification protocol, so the repository holds a separate credential set for each. The system accepts a single interoperability network credential that authorizes a user both to use those applications and to reach their stored credentials. When an intermediary service is asked to perform a task on the user's behalf that requires access to a specific remote application, the system first verifies that the service is authorized to act for the user with respect to that application and task. Only after that verification does it automatically release the matching credential set from the repository to the intermediary service, which uses it to obtain access to the remote application and have it perform the task.
2. The method of claim 1 , further including for a plurality of intermediary services coupled to the interoperability network, receiving a selection specifying at least one intermediary service to act on behalf of the user by accessing user's credentials.
The method described above also includes a feature where, for multiple intermediary services, the system receives a selection specifying which service(s) are permitted to act on behalf of the user by accessing the user's credentials. This allows users to choose specific intermediary services that they trust to access their credentials.
3. The method of claim 1 , further including receiving instructions specifying a degree of authorization of the intermediary service.
The method described above also includes a feature where instructions are received that specify the degree of authorization granted to an intermediary service. This means users can set granular permissions, controlling what each intermediary service is allowed to do with their credentials, rather than just an all-or-nothing authorization.
4. The method of claim 1 , wherein the particular remote computer application is an on-demand service.
The method described above is applicable when the specific remote computer application needing access is an on-demand service (e.g., a cloud-based application that provides services as needed). This covers scenarios where the remote application is not a permanently installed piece of software, but rather a service accessed over the internet.
5. The method of claim 1 , wherein the intermediary service is an on-demand service.
The method described above is applicable when the intermediary service requesting access is an on-demand service (e.g., a cloud-based application acting as an intermediary).
6. The method of claim 1 , wherein verifying that the intermediary service has authorization includes checking a policy to determine conditions that the user has set for the intermediary service to act on behalf of the user.
In the method described above, verifying the authorization of the intermediary service involves checking a policy that contains conditions set by the user for that service to act on their behalf. This allows users to define rules or requirements that the intermediary service must meet before being granted access to their credentials.
7. The method of claim 1 , further including retrieving user credentials for the particular remote computer application and applying an enrichment prior to automatically providing the particular user credentials to the particular remote computer application.
The method described above further includes retrieving user credentials for the specific remote computer application and then applying an "enrichment" to these credentials before providing them to the application. This enrichment step modifies or enhances the credentials with additional information before they are used.
8. The method of claim 7 , wherein the enrichment includes at least one of a digital signature and a tariff calculator for a purchase order.
In the method described above, the "enrichment" applied to the user credentials before they are provided to the remote application includes at least one of a digital signature and a tariff calculator for a purchase order; the claim covers either one alone or both together.
9. The method of claim 1 , further including sending a notification to the user when the intermediary service accesses user credentials of the user.
The method described above further includes sending a notification to the user whenever an intermediary service accesses their credentials. This provides users with visibility into when and how their credentials are being used.
10. The method of claim 9 , wherein the notification identifies at least one of: the intermediary service; the particular remote computer application for which the user credentials were accessed; a user account associated with the user credentials; and an outcome of the intermediary service accessing user credentials of the user.
In the method described above, the notification sent to the user when an intermediary service accesses their credentials identifies at least one of: the intermediary service; the specific remote computer application for which the credentials were accessed; the user account associated with the accessed credentials; and the outcome of the access (for example, whether the credentials were supplied or the request was denied). The claim is satisfied by any one of these fields, not only by all four.
11. The method of claim 9 , further including, in response to sending the notification, receiving instructions from the user for at least one of: revoking authorization of the intermediary service to act on behalf of the user; and modifying authorization of the intermediary service to act on behalf of the user.
In the method described above, after sending a notification to the user about an intermediary service accessing their credentials, the system can receive instructions from the user to either revoke the intermediary service's authorization to act on their behalf completely or modify the authorization, changing the permissions granted to that service.
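The claims above describe a credential broker: a central store, a per-user policy that says which intermediary service may reach which application and to what degree, a check of that policy before any credential leaves the store, an audit notification for every attempt, and user-driven revocation. The following Python sketch, added here as an illustration and not taken from the patent or any implementation of it, puts claims 1 to 3, 6 and 9 to 11 into one class. All names (`Broker`, `Delegation`, the sample users, applications and tasks) are constructed for the example; the broker keeps only a hash of the network credential and treats a missing policy, a revoked policy and an out-of-scope task as three distinct denial outcomes so the notification of claim 10 can report which one occurred.

```python
"""Illustrative credential broker (added example, not the patent's own code)."""
from __future__ import annotations

import hashlib
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Credential:
    """One stored set of user credentials for one remote application."""
    app: str
    username: str
    secret: str


@dataclass
class Delegation:
    """User-set policy for one intermediary service (claims 2, 3 and 6):
    which remote apps it may reach and which tasks it may perform there."""
    apps: frozenset[str]
    tasks: frozenset[str]
    revoked: bool = False


class Broker:
    """Central repository plus the authorization check of claim 1 (hypothetical name)."""

    def __init__(self) -> None:
        self._vault: dict[str, dict[str, Credential]] = {}     # user -> app -> credential
        self._tokens: dict[str, str] = {}                      # sha256(network credential) -> user
        self._policies: dict[str, dict[str, Delegation]] = {}  # user -> service -> policy
        self.notifications: list[dict[str, str | None]] = []   # claim 9/10 audit trail

    # --- enrolment ---------------------------------------------------------
    def store_credential(self, user: str, cred: Credential) -> None:
        self._vault.setdefault(user, {})[cred.app] = cred

    def issue_network_credential(self, user: str) -> str:
        """Interoperability network credential; only its hash is kept server-side."""
        token = secrets.token_urlsafe(32)
        self._tokens[hashlib.sha256(token.encode()).hexdigest()] = user
        return token

    # --- user control over intermediaries (claims 2, 3 and 11) ---------------
    def authorize_service(self, user: str, service: str, apps: set[str], tasks: set[str]) -> None:
        """Create or modify the delegation for one intermediary service."""
        self._policies.setdefault(user, {})[service] = Delegation(frozenset(apps), frozenset(tasks))

    def revoke_service(self, user: str, service: str) -> None:
        policy = self._policies.get(user, {}).get(service)
        if policy:
            policy.revoked = True

    # --- the brokered request (claims 1, 6, 9 and 10) --------------------------
    def request_credential(self, token: str, service: str, app: str, task: str) -> Credential | None:
        """Called by an intermediary acting for the holder of `token`. Returns the
        stored credential only if the user's policy for `service` covers both `app`
        and `task`; every attempt against a known user is recorded for that user."""
        user = self._tokens.get(hashlib.sha256(token.encode()).hexdigest())
        if user is None:
            return None  # unknown network credential: no user context, nothing to notify
        policy = self._policies.get(user, {}).get(service)
        cred = None
        if policy is None or policy.revoked:
            outcome = "denied: service not authorized"
        elif app not in policy.apps or task not in policy.tasks:
            outcome = "denied: outside degree of authorization"
        else:
            cred = self._vault.get(user, {}).get(app)
            outcome = "supplied" if cred else "denied: no stored credential"
        self.notifications.append({
            "user": user, "service": service, "app": app,
            "account": cred.username if cred else None, "outcome": outcome,
        })
        return cred


def demo() -> list[str]:
    """Grant, use, two out-of-scope attempts, revocation; returns the outcome of each attempt."""
    b = Broker()
    # Constructed sample data; not real accounts or secrets.
    b.store_credential("alice", Credential("crm.example", "alice@example", "s3cret"))
    b.store_credential("alice", Credential("erp.example", "alice.erp", "p4ss"))
    token = b.issue_network_credential("alice")
    b.authorize_service("alice", "invoice-bot", apps={"erp.example"}, tasks={"create_po"})

    b.request_credential(token, "invoice-bot", "erp.example", "create_po")   # in scope
    b.request_credential(token, "invoice-bot", "erp.example", "delete_po")   # task exceeds degree
    b.request_credential(token, "invoice-bot", "crm.example", "create_po")   # app not granted
    b.revoke_service("alice", "invoice-bot")                                 # claim 11
    b.request_credential(token, "invoice-bot", "erp.example", "create_po")   # now denied
    return [str(n["outcome"]) for n in b.notifications]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The point a practitioner should take from the claims is the ordering: the policy check runs before the vault is read, and the denial reasons are surfaced to the user through the notification rather than swallowed, which is what makes the revoke-or-modify step of claim 11 actionable.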
12. A system of providing a unified access to systems, the system including: one or more processors coupled to memory storing computer instructions that, when executed on the processors, implement actions including: storing a plurality of sets of user credentials for a plurality of remote computer applications in a central repository accessible via an interoperability network, wherein the plurality of remote computer applications include non-federated entities that do not share a common identity verification protocol; receiving an interoperability network credential that authorizes a user to use the plurality of remote computer applications and access the stored plurality of sets of the user credentials; verifying that an intermediary service coupled to the interoperability network, upon receiving a request to perform, on behalf of the user, a particular task that requires access to and task performance by a particular remote computer application from the plurality of remote computer applications, has authorization to act on behalf of the user in obtaining authorized access to and task performance by the particular remote computer application; and upon verification of authorization, automatically supplying the intermediary service with particular user credentials for the particular remote computer application from the central repository.
A system for providing unified access stores user credentials for multiple remote applications in a central repository accessible via an interoperability network. These applications include non-federated systems that do not share a common identity verification protocol. The system receives a network credential that authorizes a user to access these applications and their stored credentials. When an intermediary service requests to perform a task on behalf of the user that requires access to a specific remote application, the system verifies that the service is authorized to act for the user. If authorized, the system automatically provides the intermediary service with the appropriate user credentials for that application from the repository. This is the method of claim 1 implemented as processors and memory executing the stated instructions.
13. The system of claim 12 , further configured to receive, for a plurality of intermediary services coupled to the interoperability network, a selection specifying at least one intermediary service to act on behalf of the user by accessing user's credentials.
The system described above can also receive a selection specifying which intermediary service(s) are allowed to access a user's credentials, giving the user control over which services can act on their behalf by accessing their credentials (as described in claim 2).
14. The system of claim 12 , further configured to receive instructions specifying a degree of authorization of the intermediary service.
The system described above can also receive instructions specifying the degree of authorization for an intermediary service, enabling granular permissions management (as described in claim 3).
15. The system of claim 12 , wherein the particular remote computer application is an on-demand service.
In the system described above, the particular remote computer application being accessed is an on-demand service (as described in claim 4).
16. The system of claim 12 , wherein the intermediary service is an on-demand service.
In the system described above, the intermediary service accessing user credentials is an on-demand service (as described in claim 5).
17. The system of claim 12 , wherein verifying that the intermediary service has authorization includes checking a policy to determine conditions that the user has set for the intermediary service to act on behalf of the user.
In the system described above, verifying the authorization of the intermediary service involves checking a policy to determine conditions the user has set for the intermediary service to act on their behalf (as described in claim 6).
18. The system of claim 12 , further including retrieving user credentials for the particular remote computer application and applying an enrichment prior to automatically providing the particular user credentials to the particular remote computer application.
The system described above also retrieves user credentials for the particular remote computer application and applies an enrichment prior to providing the credentials to the application (as described in claim 7).
19. The system of claim 18 , wherein the enrichment includes at least one of a digital signature and a tariff calculator for a purchase order.
In the system described above, the enrichment includes at least one of a digital signature and a tariff calculator for a purchase order (as described in claim 8).
20. A non-transitory computer readable medium storing a plurality of instructions for programming one or more processors to provide a unified access to systems, the instructions, when executed on the processors, implementing actions including: storing a plurality of sets of user credentials for a plurality of remote computer applications in a central repository accessible via an interoperability network, wherein the plurality of remote computer applications include non-federated entities that do not share a common identity verification protocol; receiving an interoperability network credential that authorizes a user to use the plurality of remote computer applications and access the stored plurality of sets of the user credentials; verifying that an intermediary service coupled to the interoperability network, upon receiving a request to perform, on behalf of the user, a particular task that requires access to and task performance by a particular remote computer application from the plurality of remote computer applications, has authorization to act on behalf of the user in obtaining authorized access to and task performance by the particular remote computer application; and upon verification of authorization, automatically supplying the intermediary service with particular user credentials for the particular remote computer application from the central repository.
A non-transitory computer-readable medium stores instructions that, when executed by processors, cause the system to store user credentials for multiple remote applications in a central repository accessible via a network. These applications might not share a common identity verification method. The system receives a network credential that authorizes a user to access the applications and their stored credentials. When an intermediary service requests to perform a task for the user that requires accessing a specific remote application, the system verifies that the service is authorized. If authorized, the system automatically provides the intermediary service with the user credentials for that remote application from the central repository. This effectively describes a computer program performing the method.
October 24, 2017